1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "fuzzer/FuzzedDataProvider.h"
16 #include "scan_manager_client.h"
17 #include "scan_callback.h"
18 #include "scanner_info.h"
19 #include "scancallback_fuzzer.h"
20
21 namespace OHOS::Scan {
22 constexpr uint8_t MAX_STRING_LENGTH = 255;
23 constexpr int MAX_SET_NUMBER = 100;
24 constexpr size_t FOO_MAX_LEN = 1024;
25 constexpr size_t U32_AT_SIZE = 4;
26
TestSetCallbackParam(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)27 void TestSetCallbackParam(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
28 {
29 CallbackParam param;
30 std::mutex mutex;
31 napi_env env = nullptr;
32 napi_ref ref = nullptr;
33 param.InitialCallbackParam(env, ref, mutex);
34 uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
35 ScanDeviceInfoTCP tcpInfo;
36 param.SetCallbackParam(state, tcpInfo);
37 }
38
TestSetCallbackSyncParam(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)39 void TestSetCallbackSyncParam(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
40 {
41 CallbackParam param;
42 std::mutex mutex;
43 napi_env env = nullptr;
44 napi_ref ref = nullptr;
45 param.InitialCallbackParam(env, ref, mutex);
46 uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
47 ScanDeviceInfoSync syncInfo;
48 param.SetCallbackSyncParam(state, syncInfo);
49 }
50
TestOnCallback(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)51 void TestOnCallback(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
52 {
53 napi_env env = nullptr;
54 napi_ref ref = nullptr;
55 ScanCallback callBack(env, ref);
56 uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
57 ScanDeviceInfoTCP tcpInfo;
58 callBack.OnCallback(state, tcpInfo);
59 ScanDeviceInfo deviceInfo;
60 callBack.OnCallback(state, deviceInfo);
61 }
62
TestOnCallbackSync(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)63 void TestOnCallbackSync(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
64 {
65 napi_env env = nullptr;
66 napi_ref ref = nullptr;
67 ScanCallback callBack(env, ref);
68 std::mutex mutex;
69 uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
70 ScanDeviceInfoSync syncInfo;
71 callBack.OnCallbackSync(state, syncInfo);
72 }
73
TestOnGetFrameResCallback(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)74 void TestOnGetFrameResCallback(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
75 {
76 napi_env env = nullptr;
77 napi_ref ref = nullptr;
78 ScanCallback callBack(env, ref);
79 bool isGetSucc = dataProvider->ConsumeBool();
80 int32_t sizeRead = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
81 callBack.OnGetFrameResCallback(isGetSucc, sizeRead);
82 }
83
TestOnScanInitCallback(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)84 void TestOnScanInitCallback(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
85 {
86 napi_env env = nullptr;
87 napi_ref ref = nullptr;
88 ScanCallback callBack(env, ref);
89 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
90 callBack.OnScanInitCallback(scanVersion);
91 }
92
TestOnSendSearchMessage(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)93 void TestOnSendSearchMessage(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
94 {
95 napi_env env = nullptr;
96 napi_ref ref = nullptr;
97 ScanCallback callBack(env, ref);
98 std::string message = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
99 callBack.OnSendSearchMessage(message);
100 }
101
TestOnGetDevicesList(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)102 void TestOnGetDevicesList(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
103 {
104 napi_env env = nullptr;
105 napi_ref ref = nullptr;
106 ScanCallback callBack(env, ref);
107 int32_t infoSize = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
108 std::vector<ScanDeviceInfo> infos(infoSize);
109 callBack.OnGetDevicesList(infos);
110 }
111
112 }
113
114 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)115 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
116 {
117 if (data == nullptr) {
118 return 0;
119 }
120
121 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
122 return 0;
123 }
124 FuzzedDataProvider dataProvider(data, size);
125 OHOS::Scan::TestSetCallbackParam(data, size, &dataProvider);
126 OHOS::Scan::TestSetCallbackSyncParam(data, size, &dataProvider);
127 OHOS::Scan::TestOnCallback(data, size, &dataProvider);
128 OHOS::Scan::TestOnCallbackSync(data, size, &dataProvider);
129 OHOS::Scan::TestOnGetFrameResCallback(data, size, &dataProvider);
130 OHOS::Scan::TestOnScanInitCallback(data, size, &dataProvider);
131 OHOS::Scan::TestOnSendSearchMessage(data, size, &dataProvider);
132 OHOS::Scan::TestOnGetDevicesList(data, size, &dataProvider);
133
134 return 0;
135 }
136
137